Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Query to show average count and minimum for date_month and date_day

Strangertinz
Path Finder
‎02-12-2024 06:04 PM

Hi, 

I created a column chart in Splunk that shows month but will like to also indicate the day of the week for each of those months

Sample query
-------------------
index=_internal
| bucket _time span =1d
|eval month=strftime(_time,"%b")
| eval day=strftime(_time,"%a")
| stats avg(count) as Count max(count) as maximum by month, day

Labels (6)
Labels
0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-12-2024 11:53 PM

Hi @Strangertinz,

your search seems to be correct, what's your issue?

Ciao.

Giuseppe

0 Karma
Reply

Strangertinz
Path Finder
‎02-13-2024 05:37 AM

The issue is the graph shows month on the x axis and I want it to indicate both month and day of the week 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-13-2024 05:40 AM

Hi @Strangertinz ,

please try this:

index=_internal
| bucket _time span =1d
| eval date=strftime(_time,"%a-%b")
| stats avg(count) as Count max(count) as maximum by date

Ciao.

Giuseppe

0 Karma
Reply

Strangertinz
Path Finder
‎02-13-2024 06:02 AM

Thanks for your quick response but the query is not working 

0 Karma
Reply

gcusello
SplunkTrust
SplunkTrust
‎02-13-2024 06:30 AM

Hi @Strangertinz ,

sorry but what do you want to calculate with avg(count) and max(count)?

count isn't a field to calculate average or maximun.
you can have the count of events by period

index=_internal
| bucket _time span =1d
| eval date=strftime(_time,"%a-%b")
| stats count by date

Ciao.

Giuseppe

0 Karma
Reply

Strangertinz
Path Finder
‎02-13-2024 06:36 AM

I want to calculate average count per day and maximum count per month. Like all the Mondays , Tuesdays of a given month combined and averaged 

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...